[U-Boot] U-Boot, cache speculation side channel attacks and ARM

Mark Kettenis mark.kettenis at xs4all.nl
Fri Jan 19 22:21:44 UTC 2018


> Date: Fri, 19 Jan 2018 16:56:14 -0500
> From: Tom Rini <trini at konsulko.com>
> 
> Hey all,
> 
> So, now that things have quieted down a little bit in this area, I've
> been wondering about something.  Over on the U-Boot side of things, are
> there changes we need to make in order to support the kernel side of the
> various mitigations properly?  I know that for example currently
> https://developer.arm.com/support/security-update talks about ATF
> patches, in the context of AArch64 however.  But on the other hand for
> variant 2, there's nothing listed on the Linux side for 32bit ARM, but
> there is for non-Linux OSes.
> 
> And, in the event I'm also missing something else entirely that we need
> to do here, is there something that we need to be doing?  Or is it still
> too early at this point in time to know?

I think that for AArch32, the following bit advice is relevant:

  For Cortex-A15, set ACTLR[0]==1 from early initialization of the
  processor, and invalidate the branch predictor by performing an
  ICIALLU instruction.

For now OpenBSD assumes that "the firmware" sets ACTLR[0] since this
register may be read-only in non-secure mode.  And unless I missed
something Linux makes the same assumption.

If U-Boot provides the PSCI implementation it should probably flush
the BTB on affected 32-bit processors and should defenitely flush on
64-bit processors.





More information about the U-Boot mailing list